Security information on IP address or URL in Sourcefire

Vincent Fortrat
Level 1

Hello everyone,

I recently deployed the SFR module on an ASA 5512-X and I am facing the following issue: one website that is used on a daily basis has been blocked since we deployed FirePower services. Actually, it's been categorized as "Malware Site" with a bad reputation, "High Risk".

I added this URL to a white list so it can be reached, but the customer asks to gather some information on why it's been categorized like this. My question is: is there a Sourcefire or Cisco tool where we can see the history of a particular domain or IP address?

I checked on senderbase.org but there is no information like this and I know Sourcefire doesn't use SenderBase anyway.

My guess is that maybe this website was hacked in the past and has been delivering malware since.

Thanks in advance,

Vincent

Accepted Solutions

alberx
Level 1

I think Sourcefire uses BrightCloud as a web reputation service. Check how the website you are accessing is categorized.

http://www.brightcloud.com/tools/change-request-url-ip.php

Exactly what I was looking for! Thanks!

Do you know if FirePower will use Cisco Security Intelligence in the future instead of BrightCloud?

I don't know anything about Sourcefire roadmaps. Sorry.
